skills/lobbi-docs/claude/local-llm/Gen Agent Trust Hub

local-llm

Fail

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the official Ollama domain (ollama.com).
  • [REMOTE_CODE_EXECUTION]: The official Ollama installation script is executed by piping its content directly to the shell.
  • [COMMAND_EXECUTION]: Administrative privileges are requested via sudo to enable and start systemd services for the local LLM backend.
  • [PROMPT_INJECTION]: The skill implements a process_command function that processes untrusted user_input to execute Home Assistant service calls.
  • [PROMPT_INJECTION]: Ingestion points: The user_input parameter in the process_command function within SKILL.md.
  • [PROMPT_INJECTION]: Boundary markers: Absent; user input is included in chat messages without delimiters or 'ignore embedded instructions' warnings.
  • [PROMPT_INJECTION]: Capability inventory: The skill uses hass.services.async_call to perform actions on lights, switches, and other home entities.
  • [PROMPT_INJECTION]: Sanitization: The function uses regex and JSON parsing to extract actions but does not validate the requested services or target entities against a whitelist.
Recommendations
  • HIGH: Downloads and executes remote code from: https://ollama.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 12:25 AM
Security Audit — agent-trust-hub — local-llm